February 2018 Chapter Meeting

Summary

Every year more vendors are moving to cloud based solution offerings. This requires you to share your internal, confidential information with external third-parties. So the question is: how can you ensure that their security controls are as good as your own when dealing with your sensitive data? This presentation will provide you with an overview of the risks associated in working with third-party cloud vendors, key security controls to look at, and how to incorporate this information into your vendor management program.

Security and Audit of AWS Cloud

Presenter Carlos Villalba

Unlike traditional data centers where auditors can walk through the facility and receive a compendium of controls implemented to mitigate risks, cloud offerings and some virtualization technologies present unique challenges from an audit point of view. A cloud provider stating they are XYZ compliant does not mean you are automatically compliant. Their services are compliant but anything under your administration needs to address all XYZ controls. This presentation will provide practical tools and strategies that will enable auditors to gain a better understanding of security controls implementation in Amazon cloud offerings.